FIX: Show error message when password is too common (#30507)

app/assets/javascripts/discourse/app/components/modal/create-account.js

@@ -461,11 +461,7 @@ export default class CreateAccount extends Component.extend(
           ) {
             this.rejectedEmails.pushObject(result.values.email);
           }
-          if (
+          if (result.errors?.["user_password.password"]?.length > 0) {
-            result.errors &&
-            result.errors.password &&
-            result.errors.password.length > 0
-          ) {
             this.rejectedPasswords.pushObject(attrs.accountPassword);
           }
           this.set("formSubmitted", false);

app/assets/javascripts/discourse/app/controllers/invites-show.js

@@ -338,15 +338,11 @@ export default class InvitesShowController extends Controller.extend(
           ) {
             this.rejectedEmails.pushObject(result.values.email);
           }
-          if (
+          if (result.errors?.["user_password.password"]?.length > 0) {
-            result.errors &&
-            result.errors.password &&
-            result.errors.password.length > 0
-          ) {
             this.rejectedPasswords.pushObject(this.accountPassword);
             this.rejectedPasswordsMessages.set(
               this.accountPassword,
-              result.errors.password[0]
+              result.errors["user_password.password"][0]
             );
           }
           if (result.message) {

app/assets/javascripts/discourse/app/controllers/password-reset.js

@@ -145,7 +145,7 @@ export default class PasswordResetController extends Controller.extend(
             securityKeyRequired: false,
             errorMessage: null,
           });
-        } else if (result.errors?.password?.length > 0) {
+        } else if (result.errors?.["user_password.password"]?.length > 0) {
           this.rejectedPasswords.pushObject(this.accountPassword);
           this.rejectedPasswordsMessages.set(
             this.accountPassword,

app/assets/javascripts/discourse/app/controllers/signup.js

@@ -456,11 +456,7 @@ export default class SignupPageController extends Controller.extend(
           ) {
             this.rejectedEmails.pushObject(result.values.email);
           }
-          if (
+          if (result.errors?.["user_password.password"]?.length > 0) {
-            result.errors &&
-            result.errors.password &&
-            result.errors.password.length > 0
-          ) {
             this.rejectedPasswords.pushObject(attrs.accountPassword);
           }
           this.set("formSubmitted", false);

app/assets/javascripts/discourse/tests/acceptance/password-reset-test.js

@@ -22,7 +22,7 @@ acceptance("Password Reset", function (needs) {
       if (body.password === "jonesyAlienSlayer") {
         return helper.response({
           success: false,
-          errors: { password: ["is the name of your cat"] },
+          errors: { "user_password.password": ["is the name of your cat"] },
           friendly_messages: ["Password is the name of your cat"],
         });
       } else {

spec/system/signup_spec.rb

@@ -71,6 +71,20 @@ shared_examples "signup scenarios" do |signup_page_object, login_page_object|
       expect(page).to have_current_path("/t/#{topic.slug}/#{topic.id}")
     end
 
+    it "cannot signup with a common password" do
+      signup_form
+        .open
+        .fill_email("johndoe@example.com")
+        .fill_username("john")
+        .fill_password("0123456789")
+      expect(signup_form).to have_valid_fields
+
+      signup_form.click_create_account
+      expect(signup_form).to have_content(
+        I18n.t("activerecord.errors.models.user_password.attributes.password.common"),
+      )
+    end
+
     context "with invite code" do
       before { SiteSetting.invite_code = "cupcake" }